Warning: PyPi Feature Executes Code Automatically After Python Package Download

The Hacker News Daily Updates [Newsletter]( [cover]( [Making the Move to Desktops as a Service: Aligning Security with Productivity]( Boost productivity and security - for as many as 10,000+ users. [Download Now]( Sponsored LATEST NEWS Sep 2, 2022 [JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users]( More details have emerged about the operators behind the first-known phishing campaign specifically aimed at the Python Package Index (PyPI), the official third-party software repository for the programming language. Connecting it to a threat actor tracked as JuiceLedger, cybersecurity firm ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [The Ultimate Security Blind Spot You Don't Know You Have]( How much time do developers spend actually writing code? According to recent studies, developers spend more time maintaining, testing and securing existing code than they do writing or improving code. Security vulnerabilities have a bad habit of popping up during the software development process, ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Warning: PyPI Feature Executes Code Automatically After Python Package Download]( In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers]( Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators' connections to the Russia-based Evil Corp group. The findings suggest that "Evil Corp is likely using ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content]( A "major" security issue in the Google Chrome web browser, as well as Chromium-based alternatives, could allow malicious web pages to automatically overwrite clipboard content without requiring any user consent or interaction by simply visiting them. The clipboard poisoning attack is said to have ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [cover]( [SASE for Dummies 2nd Edition]( SASE for Dummies 2nd edition is here. Understand all the SASE basics, and much more. It’s a concise, 5-chapter, a must-read for IT leaders looking to support their digital business needs today and into the future. [Download Now]( Sponsored This email was sent to {EMAIL}. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please [click here](. Contact The Hacker News: info@thehackernews.com [Unsubscribe]( The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India